Role Assignment Precedence for SIP Servlet Roles
Converged Application Server provides several ways to map sip.xml roles to actual roles in the SIP Container during deployment. For declarative and programmatic security defined in sip.xml, the order of precedence for role assignment is:
-
If weblogic.xml assigns a sip.xml role in a
security-role-assignment
element, thesecurity-role-assignment
is used.Note:
Converged Application Server also requires a role definition in web.xml in order to use a security-role-assignment. See "Important Requirements".
-
If no
security-role-assignment
is available (or if the required web.xml role assignment is missing), implicit role assignment is used.
For run-as
role assignment, the order of precedence for role assignment is:
-
If weblogic.xml assigns the sip.xml deployment descriptor's
run-as
role in arun-as-principal-name
element defined withinservlet-descriptor
, therun-as-principal-name
assignment is used.Note:
Converged Application Server also requires a role definition in web.xml in order to assign roles with run-as-principal-name. See "Important Requirements".
-
If weblogic.xml assigns the sip.xml deployment descriptor's
run-as
role in arun-as-role-assignment
element, therun-as-role-assignment
element is used.Note:
Converged Application Server also requires a role definition in web.xml in order to assign roles with
run-as-role-assignment
. See "Important Requirements". -
If weblogic.xml assigns the sip.xml deployment descriptor's
run-as
role in asecurity-role-assignment
element, thesecurity-role-assignment
is used.Note:
Converged Application Server also requires a role definition in web.xml in order to use a
security-role-assignment
. See "Important Requirements". -
If no
security-role-assignment
is available (or if the required web.xml role assignment is missing), implicit role assignment is used.